U.S. Proposes a National Framework for the Regulation of Fintech

Federal regulators in the United States have released a series of recommendations that form a proposed national framework for companies engaged in financial technology (“Fintech”). In a report entitled “A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation” (the “Treasury Report” or “Report”),[i] the U.S. Department of the Treasury (the “Treasury”) sets forth sweeping recommendations regarding the regulation of Fintech. The Treasury Report recommends that the Office of the Comptroller of the Currency (the “OCC”) issue a new form of a special purpose national bank charter. The Report endorses bank sponsorships of third party Fintech companies that do not seek their own charter but instead seek to partner with existing banks. It encourages banks and other firms that offer consumers financial services to develop mechanisms to enable consumers to provide third parties with access to that information. It advocates specific measures to harmonize the current disparate state regulation of Fintech, particularly with respect to money transmission and lending requirements. Finally, the Treasury Report encourages regulators to develop a regulatory “sandbox” for financial innovation, among numerous other proposals.

The OCC thereafter released a policy statement (the “OCC Policy Statement”)[ii] formally announcing that it will accept applications by Fintech companies for a new special purpose charter,[iii] and finalized a supplement to the OCC’s licensing manual (the “Manual Supplement”)[iv] that provides guidance for such applications. Taken together, the actions by Treasury and the OCC represent a step toward creating a national framework for the regulation of Fintech. Although the Treasury Report and OCC special purpose charter could be criticized as a federal government “power grab,” the Report contemplates extensive coordination between federal banking agencies and state regulators supplemented by discreet statutory revisions by Congress and additional rule-making and guidance by the bank regulatory agencies.

I. National Fintech Framework Proposed

A key component of the national framework set forth by the Treasury involves the OCC following through on its 2016 proposal to issue a new form of a special purpose charter. An OCC charter would permit Fintech companies to operate on a uniform basis across the country under the supervision of one federal regulator. As noted by the OCC, the business of banking evolves over time, as do the types of institutions that provide banking services, and companies that engage in the business of banking in new and innovative ways should have the same opportunity to obtain a national bank charter as companies that provide banking services through more traditional means. In announcing that it will now accept applications for a special purpose charter and issuing related guidance on the chartering process for Fintechs, the OCC has taken a critical step in making this proposal a reality.

A. OCC Special Purpose National Bank Charter

A special purpose charter from the OCC could be attractive to Fintech companies. Most Fintech companies rely on the internet and mobile communications platforms to operate on a nationwide basis. A special purpose charter would allow Fintech companies to exchange 50 (or more) regulators for a single national regulator. As a form of a national bank, such an institution would have the ability to export terms on a nationwide basis and avoid state-by-state licensing requirements as well as state-by-state supervision.[v] For example, 49 states currently regulate money transmission, all states impose some form of regulation on consumer lending and several states impose licensing requirements for commercial lending.

The OCC has explained that these new special purpose entities would not be permitted to accept deposits. This would allow such entities to operate without applying for deposit insurance and subjecting themselves to regulation and supervision by the Federal Deposit Insurance Corporation (the “FDIC”). Without a requirement to accept deposits, these special purpose entities would not be “banks” for purposes of the Bank Holding Company (“BHC”) Act and, therefore, their controlling shareholders would not be subject to regulation and supervision by the Board of Governors of the Federal Reserve System and the activities restrictions under the Bank Holding Company Act (“BHC Act”). These features may make an OCC special purpose charter attractive to venture-capital and private-equity backed enterprises.

State regulators have previously criticized the OCC special purpose charter as a mechanism for allowing Fintechs to escape regulatory scrutiny.[vi] The same criticism can (and has been) directed at Federal charters generally. Although it is true that an OCC-chartered entity can largely operate free of state interference, such entities are not free from regulation. The OCC has cautioned that entities that receive a special purpose charter will be subject to the same high standards that apply to all national banks. These standards include capital and liquidity requirements as well as non-public operating agreements that specific unique regulatory requirements based on the each institution’s unique facts and circumstances.[vii] The operations of a Fintech that receives a special purpose charter also will be subject to the panoply of regulatory and consumer protections governing all banks, including compliance with truth in lending and truth in savings disclosures, fair credit reporting, protections for electronic funds transfers, requirements specific to service members, anti-money laundering and sanctions laws and prohibitions on engaging in unfair or deceptive acts or practices, as well as be subject to legal lending limits, restrictions on transactions with affiliates and insider lending requirements. In addition, applicants for a special purpose charter will be required to submit a comprehensive business plan for the OCC’s review and approval that must cover the first three years of operations. Such business plan must include a description of products and services to be offered, analysis of perceived risks, the bank’s plans for risk management systems and internal controls, as well as financial projections and appropriate capital to be held.[viii] Signification deviation from the business plan during that period requires prior OCC approval.[ix]

Although a special purpose entity will not be subject to the Community Reinvestment Act (“CRA”) because it will not accept deposits,[x] the OCC will require that such entities demonstrate a commitment to “financial inclusion” similar to requirements imposed by the CRA on deposit-taking institutions.[xi] The specific nature of these “financial inclusion” requirements will depend on the company’s business model and the types of products and services it plans to provide.[xii] As noted in the Manual Supplement, a component of the charter process will be evaluating each applicant’s commitment to financial inclusion, including the proposed goals, approaches, activities, milestones, commitment measures and metrics for serving the anticipated market and community.[xiii]

Finally, the Treasury Report notes that further clarification will be needed from the Federal Reserve regarding whether special purpose entities will have access to the Federal Reserve’s payment systems. Although such firms will be a type of national bank and national banks are required to be members of the Federal Reserve System pursuant to the Federal Reserve Act,[xiv] the statute does not give national banks automatic access to the Federal Reserve’s payment systems, such as FedWire.[xv] The concept of limiting access to the Federal Reserve’s payment systems appears to emanate from a statutory prohibition for limited purpose trust companies, which are not deemed “banks” for purposes of the Bank Holding Company Act,[xvi] and which by statute are prohibited from accessing the Federal Reserve’s payment systems. Resolving this issue in a way that gives special purpose entities direct access to the Federal Reserve’s payment systems would significantly reduce the operating costs for such institutions as it would enable them to bypass existing Federal Reserve banks for purposes of sending and receiving funds.

Litigation Likely Pending Issuance of First Charter

The OCC’s announcement that it will accept application for a special purpose charter by Fintech companies increases the likelihood that state banking regulators will renew litigation against the OCC based on the allegation that the National Bank Act[xvii] does not permit the OCC to charter non-depository institutions, and that doing so violates the 10th Amendment of the United States Constitution.[xviii] These claims were first raised in two lawsuits, one by the Conference of State Bank Supervisors (“CSBS”) in April 2017, and the other by the New York Department of Financial Services (“DFS”) in May 2017. Both cases were dismissed for not being ripe, because a special purpose charter had not yet been issued.[xix] Subsequently, DFS Superintendent Maria Vullo made clear that DFS would sue again if the OCC issues a special purpose charter.[xx]

In defending the proposed special purpose charter in the CSBS and DFS litigation, the OCC asserted that the National Bank Act authorizes the OCC to grant charters to national banks to engage in the “business of banking,” which the OCC interprets to include at least one of the three “core banking functions”: taking/issuing deposits, paying checks (or the digital equivalent) or lending money.[xxi] The OCC noted that the formulation of the “business of banking” is consistent with Section 36 of the National Bank Act which defines a national bank “branch” as a place of business “at which deposits are received, or checks paid, or money lent.”[xxii] While Section 36 of the National Bank Act does not include the term “business of banking,” in Clarke v. Sec. Indus. Ass’n, 479 U.S. 388 (1987), the Supreme Court construed the statutory phrase the “general business of each national banking association” by reference to the core activities listed in Section 36.[xxiii] The close textural resemblance of “the business of banking” to the “general business” of each bank arguably supports the OCC’s view that the “business of banking” includes each of the taking/issuing of deposits, the paying of checks (and the digital equivalent) and lending.[xxiv]

B. Strong Support of the Bank Sponsorship Model

As not all Fintech companies will want to seek a special purpose charter, the Treasury formally endorsed contractual bank sponsorship arrangements between Fintech companies and third party banks. The report offers several proposals to help clarify operations under these arrangements. Under a typical bank sponsorship, a Fintech company and depository institution enter a contractual relationship whereby the Fintech provides financial services on behalf of the bank as if the bank itself provides them.[xxv] For Fintech companies with nationwide operations, a bank partnership model can be attractive because interest is permitted to be charged under the laws in which the partner bank is located, rather than be subject to rate limits and disclosure requirements in the states based on the location of the borrower, which could be required if the Fintech company itself originated the loan. For payments companies, a bank sponsorship may alleviate requirements to obtain state licenses for money transmission.

The Treasury Report states that “it is important to encourage the partnership model to promote innovation,” and recommends that the bank regulatory agencies tailor their third party guidance to the needs and particularities of these arrangements.[xxvi] Treasury notes that currently, the supervisory and examination requirements imposed on Fintech partners of banks are based on third party guidance that was originally offered in the context of traditional third-party vendors to a bank. Treasury notes that these requirements impose burdens, such as extensive due diligence information requests that are not commensurate with the size and operations of most Fintech companies. Accordingly, Treasury recommends that the federal banking regulators should, in coordination with each other, review and revise current third-party guidance through the notice-and-comment rulemaking process to harmonize and tailor the scope and application of applicable guidance.[xxvii] The report urges regulators to focus on the following:

Further develop the framework to regulate partnerships with Fintech lenders to apply strong and tailored regulatory oversight while supporting banks (particularly small community banks) to partner with Fintech companies;

Provide greater clarity around the vendor oversight requirements for cloud service providers;

Support more secure methods for consumers to access their financial data, such as through Application Program Interface (“API”) agreements between banks and data aggregators; and

Identify common tools banks can leverage as part of due diligence efforts, such as robust independent audits, recognized certifications, and collaboration among institutions in an effort to enhance efficiencies and reduce costs.

Recommends Statutory Changes to Facilitate Operations

To address issues that undermine the efficacy of the bank sponsorship model, the Treasury Report also recommends that Congress codify the “valid when made” doctrine and resolve uncertainty around the “true lender” of certain loans. Treasury notes that legal challenges to loans originated under these models have adversely impacted the lending markets.[xxviii]

Specifically, the Report endorses a legislative fix to the Second Circuit’s 2015 decision in Madden v. Midland Funding, LLC, which held, in part, that the National Bank Act, which preempts state usury laws with respect to the interest a national bank may charge on a loan, did not preempt state-law usury claims against a third-party debt collector that had purchased the loan.[xxix]The Madden court did not apply or refer to application of the common law “valid when made” doctrine, which provides that a loan contract that is valid when it was made cannot be invalidated by any subsequent transfer to a third party. The Treasury Report notes that in an amicus brief at the certiorari stage, the United States, acting through the OCC, took the view that the court of appeals “erred in holding that state usury laws may validly prohibit a national bank’s assignee from enforcing the interest-rate term of a debt agreement that was valid” when made under the applicable state law. The U.S. Supreme Court, however, declined to hear the case.

Because of Madden, and until Madden is addressed by Congress or the Supreme Court, the ability of nondepository third parties to collect debts originated by depository institutions in reliance upon federal preemption of state usury law limits could be limited in the Second Circuit (and any other Circuit that follows the Madden court’s lead), which the Treasury believes restricts access to credit. In particular, unsecured consumer credit could be diminished because nonbank firms such as marketplace lenders may be discouraged from purchasing and attempting to collect on, sell, or securitize loans by the risk of litigation asserting violations of state usury laws. Accordingly, the Treasury Report recommends that Congress codify the “valid when made” doctrine to “preserve the functioning of U.S. credit markets.”[xxx]

Treasury also recommends a legislative fix to another legal challenge to the bank partnership model, whereby parties have asserted that banks that partner with Fintech companies are not the “true lender” of the loans they originate, which are marketed and ultimately sold to and serviced by a marketplace lender. A legal finding that the bank is not the true lender of such loans eliminates the benefit and foundational purpose behind the partnership, specifically, that the Fintech company may rely on the originating bank’s powers to extend credit. Accordingly, Treasury recommends that Congress codify, and the banking regulators reaffirm, that a partnership between a bank and a third-party marketplace lender does not affect the role of the bank as the true lender of loans originated and serviced in this manner.[xxxi]

C. Data Aggregation Concerns Aired

The Treasury Report also addresses data aggregation. As the report explains, consumers have grown accustomed to accessing information about their many financial accounts through smart phones, PCs, and other devices. They have also come to rely on a host of applications that help them save, provide them financial advice, protect them against fraud and identity theft, and even help them avoid bank overdrafts and other charges. By and large, the firms that provide these applications do not hold the underlying consumer financial accounts. In order to get access to the information necessary to make these applications useful, these app developers rely on data aggregators, who collect account credentials from consumers to retrieve information from banks and other financial service providers and deliver that information to the app developers. As the Report explains, although this industry has become quietly ubiquitous, it has been a source of controversy in the United States with banks, principally, pushing regulators to support efforts to cut aggregators and, by extension, consumers off from access to account level information.

As the Treasury Report details, the controversy in the U.S. over data access contrasts sharply with the experience in other countries. The Report devotes two pages to explaining how data aggregation has evolved in the United Kingdom (the “U.K.”). As it explains, in 2016, the U.K.’s Competition and Markets Authority concluded that retail banking in the U.K. was dominated by a handful of firms and issued a report that offered a series of recommendation to introduce competition to the industry. Among other things, the Competition and Markets Authority recommend that the nine largest retail financial institutions in the U.K. be required to make account information available to third-party developers. That recommendation, as the Treasury Report explains, was eventually realized in a standard API that provides Fintech developers with “read/write” access to account level information. The standardized API interface allows “consumers to retain full power over their account level information.”

Although the Treasury Report hesitates at urging the United States to follow the U.K. as a model, it observes that the financial services industry in the U.S. seems stuck in a debate that the U.K. has leapfrogged—whether account level Information should be accessed through screen-scraping (i.e., accessed by firms that collect consumer credentials and use those credentials to collect information) or served up via standardized APIs. To resolve this debate, the Report offers a detailed set of recommendations and observations.

Delegated Access. The Report reads the single provision of Federal law that speaks to the issue of account level access, Section 1033 of the Dodd-Frank Act, to give a consumer the right to authorize an “agent, trustee, or representative” to detailed account level information in electronic form.

Screen Scraping v. APIs. The Report urges the industry to move beyond screen scraping as the means of accessing account level information. According to the Report, there is “universal agreement among financial services companies” that screening scraping is “highly risky practice.”[xxxii]

Disclosures. The Report notes that data access requires express consumer authorization, but it observes that disclosures related to account access are not always “transparent, comprehensible, and readily accessible.”[xxxiii] The Report recommends that disclosures be improved. It also recognizes that disclosure alone may not suffice to protect the consumer interests at stake in providing access to sensitive information. To further protect consumer interest, it recommends that consumers be given “an easy way to revoke their consent to data aggregator access to their financial account and transaction data.”[xxxiv]

Standardization. The Report notes that the access to account level information has not been standardized across the industry. It notes that the differences render different data access services incompatible with one another. It urges industry participants to converge on “[a] standardized set of data elements and formats” and, if that fails, calls on “Congress and financial regulators to evaluate whether federal standards are appropriate to address these issues.”[xxxv]

Regulation of Data Aggregators. The Report notes data aggregators are not subject to a comprehensive regulatory framework such as the one that applies to banks, but that they are subject “to regulation under the federal consumer protection laws administered by the FTC as well as state consumer protection laws.”[xxxvi] The Report refrains, however, from recommending that Congress or other regulators create such a framework. Instead, it claims that movement away from screen scraping as the dominant mode of access account level information should address “the most significant concerns” raised by data aggregators.

D. Regulatory Sandboxes

The Treasury Report also discusses how the existing regulatory approach to financial services—with binary outcomes of approval or disapproval without clearly defined regulatory objectives—inhibits innovation in an industry that is being reshaped by significant changes in technology.[xxxvii] Accordingly, Treasury recommends the creation of a “regulatory sandbox” approach to promote adoption and growth of innovation in financial services by providing tailored regulatory relief.[xxxviii] Such approach has been implemented both in the United Kingdom[xxxix] and currently in the state of Arizona.[xl]

The Treasury Report provides several suggestions for specific efforts to launch this initiative, including the creation of an agency innovation office to create a central point of contact, issuance of guidance or no-action letters (which may be time-limited) to permit experimentation in the marketplace, agency-wide working groups that span multiple divisions and offices to address new technology trends, and engagement with foreign regulators on new developments, including cross-border collaboration agreements.[xli] Treasury also suggests that this effort should:

Provide equal access to companies in various stages of the business lifecycle (e.g., startups and incumbents);

Delineate clear and public processes and procedures, including a process by which firms enter and exit;

Provide targeted relief across multiple regulatory frameworks;

Offer the ability to achieve international regulatory cooperation or appropriate deference where applicable;

Maintain financial integrity, consumer protections, and investor protections commensurate with the scope of the project; and

Increase the timeliness of regulator feedback offered throughout the product or service development lifecycle.[xlii]

Treasury also notes that regulators are inhibited in their ability to explore and regulate new technologies because of statutory restrictions on their flexibility to procure new technologies. Treasury, therefore, recommends that Congress enact legislation authorizing financial regulators to use an exemption to procurement laws and procedures that has typically only applied in the defense and national security space.[xliii]

Notwithstanding the Treasury Report’s emphasis on maintaining prudent regulation over Fintech companies, the recommendation for a regulatory sandbox will face stiff state opposition. For example, New York DFS Superintendent Maria T. Vullo recently noted “A sandbox is where toddlers play. Adults play by rules and if you engage in banking activities, that means you are responsibly regulated in order to protect the customers. Period.”[xliv]

E. Treasury’s Recommendations to Address Impediments to Nationwide Operations Under the Laws of Each State and Jurisdiction

To facilitate a more efficient provision of financial services using the traditional state model of regulation, the Treasury Report endorses the “Vision 2020” promulgated by the CSBS, which contemplates establishing a Fintech Industry Advisory Panel to improve and revise state-by-state regulation, harmonizing supervisory processes and redesigning the Nationwide Multistate Licensing System (“NMLS”).[xlv] In the money transmission space in particular, Treasury notes that the current regime, by which money services businesses are regulated by 49 states, Washington, D.C. and Puerto Rico, has led to regulations that are cumbersome, duplicative, and in some cases contradictory, and has resulted in an inefficient examination process.[xlvi] Treasury also recommends further development and adoption of the Uniform Law Commission’s Money Services Act of 2000, which to date has only been adopted by 12 states or territories, as well as the more widespread adoption of the NMLS.[xlvii] Treasury notes that Congress has used a similar model previously, with the establishment of minimum mortgage licensing requirements under the SAFE Act.[xlviii]

Treasury cautioned that “that if states are unable to achieve meaningful harmonization across their licensing and supervisory regimes within three years, Congress should act to encourage greater uniformity in rules governing money transmission and lending to be adopted, supervised, and enforced by state regulators.”[xlix]

II. Additional Specific Recommendations in the Treasury Report

The Treasury Report makes numerous additional recommendations touching on a variety of issues impacting Fintech companies, in both the payments and lending spaces. The following represents significant recommendations. An exhibit to this Stay Current is the complete list of recommendations from the Report.

A. Payday Lending Rule

The Treasury Report recommends that the Bureau of Consumer Financial Protection (the “Bureau”) rescind its rule entitled “Payday, Vehicle Title, and Certain High Cost Loans” (the “Payday Rule”), issued in November 2017, that applies to lenders that extend credit with terms of 45 days or less as well as longer term credit with balloon payments (“Covered Loans”).[l] The rule imposes extensive requirements on lenders offering Covered Loans, including that the lender must determine that a borrower has the ability to repay the loan. Treasury argues that short-term, small-dollar loans are in high demand in the marketplace and that the Payday Rule imposes onerous obligations that restrict access to such loans to the harm of consumers.[li] Treasury also recommends that bank regulatory agencies encourage banks to enter this market, and that the FDIC reconsider its guidance on direct deposit advance services and replace it with guidance similar to the OCC’s recent core lending principles for short-term, small-dollar installment lending.[lii]

B. Reform to Retail Payments System

In describing the significant evolution of the payments system in recent years, the Treasury Report notes that although innovation has impacted the consumer facing aspects of the system, the “back-end processes that actually move value throughout the financial system” have largely remained untouched.[liii] Treasury considers the back-end system to be fragmented and outdated, which has resulted in its regulation by an incoherent set of regulations, including those imposed by banking agencies, state money transmission statutes and private payment network rules. Additionally, only regulated financial institutions have access to the infrastructure. In the Treasury’s view, the fragmentation of the system has led to its entrenchment despite the evolution of technology.

The Federal Reserve should move more quickly to facilitate a faster retail payments system, such as through the development of a real-time settlement service;

States should harmonize money transmission requirements for licensing and supervisory examinations; and

The Bureau should continue in its efforts to reform Regulation E, including providing more flexibility regarding disclosures and raising the current 100-transfer per annum threshold for application of the de minimis exemption.[liv]

C. Data Access

The Treasury Report includes an extended discussion of data access for consumers, arguing that consumers have a legally protected interest in delegating account access to third parties and advocating for federal regulation to facilitate that process.[lv] As the Treasury notes, Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”)[lvi] states that financial services companies subject to the Bureau’s jurisdiction as covered persons[lvii] are required to make available to consumers, upon request, financial account and transaction data in connection with services provided by the financial services company.[lviii]

Some financial services companies have argued that data aggregators are not covered by Section 1033, such that consumers would not be permitted to access data through consumer-authorized data aggregators and Fintech applications. Treasury affirmatively rejects that view, noting that the Dodd-Frank Act defines “consumer” to include “an agent, trustee, or representative acting on behalf of an individual.”[lix] Treasury recommends that the Bureau and other federal regulators and stakeholders work together to determine appropriate governance of data aggregation based on the principle that consumers must be able to access financial account and transaction data through Fintech applications, and suggests that new federal regulation of data aggregators may be appropriate.[lx]

D. Credit Services

Treasury notes that many states impose licensing obligations on parties that arrange bank loans, which undermines the ability of banks to use third-parties to help facilitate debt collection. Treasury recommends that states revise credit services laws to exclude businesses that solicit, market, or originate loans on behalf of a federal depository institution pursuant to a partnership agreement.[lxi]

E. Permissible Activities of Controlling Investors

Treasury recommends that the Federal Reserve consider how it defines “control” to provide a simpler and more transparent standard to facilitate innovation-related investments. Treasury notes that the current application of the BHC definition of “control” can be difficult to determine because it relies upon Federal Reserve discretion under a process that is not always transparent. Treasury believes that the resulting uncertainty can discourage banks from making investments in Fintech firms because if the Fintech firm were to become a BHC affiliate, the Fintech firm would then become subject to BHC-related restrictions. Accordingly, Treasury recommends that (a) the banking regulators harmonize their respective interpretations of the activities in which banking organizations are permitted to engage in and (b) that the Federal Reserve reassess the definition of BHC control to provide a simple and transparent standard.[lxii] Given that the Federal Reserve has publicly announced potential revisions in the near future to Regulation Y, which includes the regulatory definition of control, there will be opportunities to implement this otherwise aspirational recommendation.

F. Digital Communications

The Treasury Report includes several recommendations to modernize regulation of digital communications. Several of these recommendations are directed at the implementation of the Telephone Consumer Protection Act (“TCPA”). The report argues that current interpretation of the TCPA limits how financial institutions use digital communication channels to communicate with consumers and makes financial institutions particularly wary of using text messages.[lxiii] The Treasury also advocates for reform of the Fair Debt Collection Practices Act, which Treasury believes currently makes interactions between debt collectors and consumers needlessly cumbersome. In particular, the report notes that inadvertent disclosure of information can create litigation risk for financial institutions and discourages financial institutions from using digital means to transmit certain consumer data, even though digital transmission is increasingly preferred by consumers.[lxiv] Treasury makes several recommendations intended to recognize and encourage the increased digitization of consumer communications.[lxv]

G. Wealth Management and Digital Financial Planning

The Treasury Report notes that the regulation of financial planning is highly fragmented. It observes that regulatory fragmentation creates confusion among financial planners, increases compliance costs, and makes it difficult to conduct integrated financial planning for consumers.[lxvi] Treasury recommends that federal regulators designate a single regulator (most likely the SEC or a state securities regulator) as the primary regulator for a given financial planner, and that other applicable regulators defer to the designated agency.[lxvii] Treasury also suggests the creation of self-regulatory organizations to oversee financial planners, subject to oversight by federal regulators.[lxviii]

H. Mortgage Lending and Servicing

The Treasury Report describes how the primary residential mortgage market has evolved since the 2008 financial crisis. It notes that banks have largely exited the market for mortgage origination. It attributes the shift in mortgage origination from banks to non-banks to a number of factors, including new regulatory requirements as well as the pace of technological adoption by non-banks.[lxix] The report offers a number of recommendations to reduce compliance costs and streamline the process of originating new mortgages.[lxx]

I. Student Lenders and Servicers

The Treasury Report also recommends that the U.S. Department of Education establish and publish minimum effective servicing standards for federal student loans, including recommendations intended to increase the use of technology in communication with borrowers, enhanced performance monitoring and greater accountability for educational institutions participating in the program.[lxxi]

J. Credit Bureaus

Treasury notes that, despite the critical role they play in the functioning of the credit markets, credit bureaus are not routinely supervised for compliance with federal data security requirements of the Gramm-Leach-Bliley Act.[lxxii] Treasury recommends that the relevant agencies coordinate supervision. Additionally, Treasury recommends that Congress amend the Credit Repair Organizations Act to exclude national credit bureaus and national credit scorers in order to allow these entities to proactively provide education to consumers to improve their credit scores.[lxxiii]

K. Artificial Intelligence

The Treasury Report expresses optimism that artificial intelligence and machine learning will improve growth and innovation, but also warns that “legal and algorithmic decision-making” may give rise to “discrimination through the potential to compound existing biases, through training models with biased data and the identification of spurious correlations.”[lxxiv] Treasury states that one important factor is to ensure that underlying data is not incorrect, fraudulent, or otherwise inclusive of discriminatory assumptions. Another factor is to ensure that humans play an appropriate role in decision-making processes and that models are sufficiently transparent so as to indicate to consumers, when necessary, the basis for certain decisions.[lxxv]

III. Conclusion

The Treasury Report and OCC Policy Statement lay out an expansive framework to improve the national regulation of the Fintech sector. In particular, the issuance of special purpose charters for Fintech companies, the codification of guidance for sponsorship arrangements between banks and Fintech companies (and proposed legislative fixes to shore-up the sponsorship model), the push for standardized access to account level information, and the harmonization of state money services business regulation and supervision would, collectively, be a significant step toward providing regulatory consistency and certainty for the Fintech industry.

Paul Hastings attorneys are actively working with clients regarding issues raised in the Treasury Report and by the OCC Special Purpose Charter, including the advantages and disadvantages of the charter compared a bank sponsorships and full service banks. Please contact your Paul Hastings contact if you would like to discuss any of these issues in further detail.

[xiv]See 12 U.S.C. § 222, which provides that: “Every national bank in any State shall, upon commencing business or within ninety days after admission into the Union of the State in which it is located, become a member bank of the Federal Reserve System by subscribing and paying for stock in the Federal Reserve bank of its district in accordance with the provisions of this chapter and shall thereupon be an insured bank under the Federal Deposit Insurance Act [12 U.S.C. §§ 1811 et seq.], and failure to do so shall subject such bank to the penalty provided by section 501a of this title.” While Section 222 is a provision of the Federal Reserve Act, neither the OCC nor Treasury in its endorsement of a new special purpose charter has addressed the last clause of Section 222 regarding member banks being deemed an insured bank under the Federal Deposit Insurance Act.

[xviii]Conference of State Bank Supervisors v. Office of the Comptroller of the Currency, et al., Civil Action No. 17-0763, United States District Court for the District of Columbia (Memorandum Of Opinion) (April 30, 2018); Maria T. Vullo, in her official capacity as Superintendent of the New York State Department of Financial Services v. Office of the Comptroller of the Currency, Joseph M. Otting, in his official capacity as U.S. Comptroller of the Currency, 17 Civ. 3474, United States District Court for the Southern District of New York (Dec. 12, 2017).

[xxiii] 12 U.S.C. § 81. Specifically, Section 81 restricts the locations at which a national bank may conduct business. “The general business of each national banking association shall be transacted in the place specified in its organization certificate and in the branch or branches, if any, established or maintained by it in accordance with the provisions of [12 U.S.C. § 36].”

[xxiv] If you would like more analysis about the challenges that litigants might raise, please see our prior Stay Current, State Regulators Mount Counter-Offensive Seeking to Stop OCC’s Fintech Charter, dated May 3, 2017. We also note the potential challenge that appears to be presented by the Federal Reserve Act, 12 U.S.C. 222 (see supra footnote 12). Additionally, we are aware that certain networks require FDIC insurance to be a member.

[lvii] 12 U.S.C. § 5481(6). A covered person is defined as “any person that engages in offering or providing a consumer financial product or service,” and any affiliate of such a person, if the affiliate acts as a service provider to that person. As the Treasury Report notes, notwithstanding the broad definition of “covered person,” other provisions place limits on the Bureau’s jurisdiction for certain entities. See, e.g., 12 U.S.C. § 5517.

[lx] Treasury Report at 31, 39 (“To the extent that any additional regulation of data aggregation is necessary, Treasury recommends that it occur at the federal level by regulators that have significant experience in data security and privacy, and that will have, through legislation if necessary, broad jurisdiction to ensure equivalent treatment in the nonfinancial sector.”).